Abstract | ||
---|---|---|
In 2007, Sun et al. (IEEE Trans Inf Theory 53(8):2922---2933, 2007) presented new variants of RSA, called Dual RSA, whose key generation algorithm outputs two distinct RSA moduli having the same public and private exponents, with an advantage of reducing storage requirements for keys. These variants can be used in some applications like blind signatures and authentication/secrecy. In this paper, we give an improved analysis on Dual RSA and obtain that when the private exponent is smaller than $$N^{0.368}$$N0.368, the Dual RSA can be broken, where N is an integer with the same bitlength as the modulus of Dual RSA. The point of our work is based on the observation that we can split the private exponent into two much smaller unknown variables and solve a related modular equation on the two unknown variables and other auxiliary variables by making use of lattice based methods. Moreover, we extend this method to analyze the common private exponent RSA scheme, a variant of Dual RSA, and obtain a better bound than previous analyses. While our analyses cannot be proven to work in general, since we rely on some unproven assumptions, our experimental results have shown they work in practice. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1007/s10623-016-0196-5 | Des. Codes Cryptography |
Keywords | Field | DocType |
Dual RSA,Cryptanalysis,Coppersmith’s method,\(L^3\),algorithm,94A60 | Integer,Key generation,Discrete mathematics,Authentication,Exponent,Lattice (order),Cryptanalysis,Arithmetic,Moduli,Modular equation,Mathematics | Journal |
Volume | Issue | ISSN |
83 | 1 | 0925-1022 |
Citations | PageRank | References |
4 | 0.42 | 16 |
Authors | ||
5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Liqiang Peng | 1 | 38 | 8.37 |
Lei Hu | 2 | 109 | 12.21 |
Yao Lu | 3 | 4 | 0.42 |
Jun Xu | 4 | 18 | 6.22 |
Zhangjie Huang | 5 | 19 | 4.02 |